Cyber Heroes Wield Keyboards

Quick reminder to tune in to tomorrow’s (4/9) Preparing for the Attack webinar featuring an all-star lineup of guests discussing all things cyber resilience. (For those reading after 4/9, it’s available on demand at the same link.)

Saving the Internet

Andres Freund, a software engineer at Microsoft, might have the 2024 Person of the Year award locked up thanks to his accidental discovery of a hidden backdoor in part of the Linux operating system that could have been exploited for a major cyberattack.

Professor Bill Buchanan explains the situation on Medium: “Andres ran some tests on why a software tool was running so slow and found a backdoor within a third-party library on the Linux operating system and related to an SSH server application (OpenSSH). This application is used for many purposes, including logging into Cloud systems and authenticating onto private GitHub repositories.”

Investigation into the backdoor reveals that it wasn’t accidental. A hacker or group of hackers seems to have been working on this for a while, with test code starting to appear in Linux distributions in January 2024 and traces of activity all the way back to 2022.

Alex Stamos, chief trust officer at SentinelOne, told The New York Times: “This could have been the most widespread and effective backdoor ever planted in any software product. [Undetected, the backdoor would have] given its creators a master key to any of the hundreds of millions of computers around the world that run SSH.” Such access could be used for planting malware or cause major disruptions.

Wonder who will play Freund in the movie adaptation of this heroic tale?

The Resilience Rundown: Cyber Resilience Strategies

In this week’s episode of The Resilience Rundown, host Thomas Bryant is joined by Darren Thomson , Field CTO of EMEA & India for Commvault, to delve into what goes into a good cyber resilience strategy:

Subscribe: Apple Podcasts | Spotify | YouTube

Things of note that have caught our eye:

• Are ransomware attacks declining in 2024? Depends who you ask (SC Media): Comparitech found a decrease in confirmed ransomware attacks so far in 2024, but there seems to be a discrepancy in the number of unconfirmed attacks so it’s hard to really know if things have slowed.
• Risky business: 6 steps to assessing cyber risk for the enterprise (CSO): A nice high-level look at what’s needed to properly assess an enterprise’s cyber risk.
• 4 Things You Need to Know About Health Care Cyberattacks (The New York Times): “We should all be terrified,” said D.J. Patil, the head of technology at the insurance company Devoted Health and the former chief data scientist of the federal Office of Science and Technology Policy.
• Encouraging Proactiveness Rather than Reactiveness (USA Today): “Cybersecurity performance is not something we should allow to fluctuate. The repercussions are too drastic, and the risks are too high,” says Dr. Dave Chatterjee, a cybersecurity expert and associate professor at the University of Georgia.

If you're going, here is where we'll be.